
Merging local AD users with Cloud users

Office 365 is no “new kid on the block” anymore, and most companies are running with AADConnect, with or without ADFS. But I still see smaller customers who have a local AD and an Exchange Online tenant without any connection between them. It rarely takes a lot of time to convince them that managing 2 user accounts is a lot more work, and usually they are REALLY tired of changing the online password, because users forget! Or perhaps, even worse… they set the passwords to never expire.

So, is there an easy way to “merge” the two? Yes, but you need to plan it well, and have all the settings of your users correct.

I’ll describe it in the following steps.

I already installed AADConnect and made sure to use OU filtering, meaning that I only synchronize certain OUs to Office 365. In my case, the “Users” OU is synced. The OU “Not synced” is where the users that I want to sync are located.

In my Office 365 tenant, I have my 3 cloud users (I’m aware that one of them is missing a license, but that doesn’t really matter 😊)

So, the first step is to make sure that the local users have the correct settings. Make sure that their correct email address is in the “E-mail” field.

Next, choose the “Account” tab, and make sure that the users’ UPN matches your public mail domain added in Office 365.

If you have a “local” domain (in the old days, it was fairly normal that the AD domain was .local, .lan or something else not internet routable), you need to add your SMTP domain as a UPN suffix. Open “Active Directory Domains and Trusts”, open its properties and add the domain.

Make sure you make that change to all your users. 😮

Now we’re ready to start merging users. You might want to test with a made-up user first, but otherwise it’s just a matter of moving users to the synced OU and running AAD Sync.

To force a synchronization you need PowerShell; otherwise you have to wait up to 30 min (the default sync interval).

Log on to your Office 365 tenant with Global Admin rights. Then run the following command:

Start-ADSyncSyncCycle -PolicyType Delta
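As an added example (not from the original post), here is a PowerShell pre-flight script that checks the two settings described above, the E-mail field and the UPN suffix, for every user in the unsynced OU before moving it, so that a mismatched account cannot end up as a second, duplicate cloud user. The mail domain and OU paths are assumptions; replace them with your own.

```powershell
# Added example, not from the original post. Assumes the public mail domain is
# contoso.com and the OU paths below (replace with your own). Run on a domain-joined
# admin machine with the ActiveDirectory RSAT module; the final sync cycle is run on
# the AADConnect server.
Import-Module ActiveDirectory

$MailDomain = 'contoso.com'                              # assumption
$SourceOU   = 'OU=Not synced,DC=contoso,DC=local'        # assumption
$TargetOU   = 'OU=Users,DC=contoso,DC=local'             # assumption (the synced OU)

# 1. The public domain must exist as a UPN suffix in the forest, otherwise the
#    UPN change on the "Account" tab cannot be saved.
if ((Get-ADForest).UPNSuffixes -notcontains $MailDomain) {
    Write-Warning "UPN suffix $MailDomain is missing. Add it in AD Domains and Trusts" +
                  " (or: Set-ADForest -UPNSuffixes @{Add='$MailDomain'})."
}

# 2. A user is ready for a soft match only when the E-mail field (mail) is set and
#    both mail and UPN use the public domain. Anything else is reported and skipped.
$ready = @()
foreach ($u in Get-ADUser -SearchBase $SourceOU -Filter * -Properties mail, userPrincipalName) {
    $problems = @()
    if (-not $u.mail) { $problems += 'E-mail field is empty' }
    elseif ($u.mail -notlike "*@$MailDomain") { $problems += "mail '$($u.mail)' is not @$MailDomain" }
    if ($u.UserPrincipalName -notlike "*@$MailDomain") {
        $problems += "UPN '$($u.UserPrincipalName)' is not @$MailDomain"
    }

    if ($problems) { Write-Host "SKIP  $($u.SamAccountName): $($problems -join '; ')" }
    else           { $ready += $u }
}

# 3. Only users that passed every check are moved into the synced OU; the rest stay
#    unsynced until their attributes are fixed, so no duplicate cloud account is created.
foreach ($u in $ready) {
    Write-Host "MOVE  $($u.SamAccountName) ($($u.UserPrincipalName))"
    Move-ADObject -Identity $u.DistinguishedName -TargetPath $TargetOU -WhatIf   # remove -WhatIf to apply
}

# 4. Then, on the AADConnect server, trigger a delta sync instead of waiting 30 min:
#    Start-ADSyncSyncCycle -PolicyType Delta
```

Run it once with -WhatIf in place to review the SKIP and MOVE lines, then remove -WhatIf to perform the moves.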

Lo and behold. Users who, before the change, had 2 passwords and 2 user accounts to maintain can now benefit from all the features of AADConnect 😊